← Back to context

Comment by tsimionescu

5 years ago

In my example, we have forgotten to validate user data. We are proceeding with the invalid data as if its trusted, and we get an ArrayIndexOutOfBounds - that is a bug, not user error; we should have told the customer that 11 is not valid, instead we will have to tell them that an unspecified error occurred. If this were C++, it may well lead to memory corruption, so dumping core would almost certainly be the safest thing to do. But if it's Java, we can safely continue with program execution, in this case.

In other cases, even in Java, this may lead to corruption. For example, if we wrote that 11 into some kind of configuration file, we may have just corrupted the system persistently, even if we handle the error. So I'm not claiming that his is always a safe thing to do.

However, dumping core is also not safe a lot of the time. In fact, in multi-threaded processes, it can be argued that it is most likely unsafe to crash [as long as there is any kind of persistent state, such as a file] for the same reason interrupting a thread is inherently unsafe - there is absolutely no guarantee possible for what will happen if a thread is interrupted at an arbitrary point.

1 comment

tsimionescu

Reply
Miiko  5 years ago

Do not quite agree with "safely continue" - at the moment you got ArrayIndexOutOfBounds that unvalidated value might be already stored somewhere / used for changing the state, and it may be not possible to revert those changes easily (or at all).

Danger of core dump in MT case is a valid point, though. However, one can argue that "unsafe to crash" is an indication of poor architecture decision - e.g. saving persistent state to file should be done by writing to new file first, and only replacing old file after that is completed (but I kind of agree, this may be hard to make 100% reliable)

P.S. on the other hand, looking on your other comments in this thread, I do agree with your point - yes, there are cases indeed when you have an assurance the error could not corrupt the state / propagate to other part of the program, then logging error and not crashing is a better option. That's rarely happens in my projects, but this is specific of what I'm doing, and does not invalidate the point.